Use prepared statements with substitution parameters

In Derby, as with most relational database management systems, performing
an SQL request has two steps: compiling the request and executing it. When
you use prepared statements (java.sql.PreparedStatement) instead of statements (java.sql.Statement)
you can help Derby avoid unnecessary compilation, which saves time.
In general, any query that you will use more than once should be a prepared
statement.